Collection and retention of personal data and type and purpose of use

When visiting the website

When you visit our website www.eew-group.com, information is automatically sent to our website server by the browser you are using on your device. This information is temporarily retained in a log file. The information listed below is automatically collected and retained until it is automatically deleted, generally after one week:

IP address of the requesting computer,

Date and time of access,

Name and URL of the file opened,

Website from which you accessed our website (referrer URL),

Browser used and optionally your computer's operating system as well as the name of your access provider.

We process the data listed above for the following purposes:

to guarantee the establishment of a smooth connection to the website,

to guarantee easy use of our website,

to evaluate system security and stability,

to investigate any suspicious or unauthorized access attempts (DoS/DDoS attacks, among others) and

for other administrative purposes.

The legal basis for processing the data is Art. 6, para. 1, sent. 1, letter f of the GDPR. Our justified interest is consistent with the purposes listed above for which we collect the data. As a rule we do not use the data we collect to identify you. However, we reserve the right to do so in the event it becomes necessary to investigate unauthorized access to or misuse of our site.

In addition, we have implemented Cookies and Analysis Tools on our website (see "Cookies" and "Analysis Tools" below).

When subscribing to our newsletter

If you have expressly consented according to art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to regularly send you our newsletter. To receive the newsletter it is sufficient to provide an e-mail address.

You can use the selection fields to control exactly which subject areas you would like us to inform you about through our newsletter. This data about your interests will be used by us exclusively for the purpose of sending you our newsletter. No profile is formed.

You may also voluntarily provide us with your title, surname and first name (Art. 6 para. 1 lit. a GDPR). We may process these additional data on the basis of your consent to personalise our newsletter for you, i.e. to address you personally as the recipient.

The registration to our newsletter takes place in a so-called double opt-in procedure, i.e. after the registration you receive an e-mail in which you are asked to confirm your registration. The subsequent confirmation will be logged by us for verification purposes; the time of registration and confirmation will be stored together with your e-mail address.

Our newsletters are sent via "MailChimp", a platform of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write them down or pass them on to third parties.

MailChimp has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. In addition, we have concluded a data processing agreement with MailChimp. Further information on the purpose and scope of data collection and its processing in the context of the newsletter using "MailChimp" is contained in the data protection declaration of "MailChimp" communicated below. There you will also find further information on the rights of users and the setting options for the protection of privacy:

You can unsubscribe from the newsletter at any time via a link at the end of each newsletter.

You are welcome to send the withdrawal of your consent regarding the use of your title, surname and first name as well as a cancellation request from the newsletter as a whole to info@eew-group.com by e-mail at any time.

If you unsubscribe from the newsletter, also your data communicated to us beyond the e-mail address will be deleted from the distribution list.

When using our contact form

If you have expressly consented according to art. 6 para. 1 sentence 1 lit. a GDPR, we will use your e-mail address to regularly send you our newsletter. To receive the newsletter it is sufficient to provide an e-mail address.

You can use the selection fields to control exactly which subject areas you would like us to inform you about through our newsletter. This data about your interests will be used by us exclusively for the purpose of sending you our newsletter. No profile is formed.

You may also voluntarily provide us with your title, surname and first name (Art. 6 para. 1 lit. a GDPR). We may process these additional data on the basis of your consent to personalise our newsletter for you, i.e. to address you personally as the recipient.

The registration to our newsletter takes place in a so-called double opt-in procedure, i.e. after the registration you receive an e-mail in which you are asked to confirm your registration. The subsequent confirmation will be logged by us for verification purposes; the time of registration and confirmation will be stored together with your e-mail address.

Our newsletters are sent via "MailChimp", a platform of the Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA. The e-mail addresses of our newsletter recipients, as well as their further data described in the context of these notes, are stored on the servers of MailChimp in the USA. MailChimp uses this information to send and evaluate the newsletter on our behalf. Furthermore, MailChimp can use this data according to its own information to optimize or improve its own services, e.g. to technically optimize the sending and presentation of the newsletter or for economic purposes, in order to determine from which countries the recipients come. However, MailChimp does not use the data of our newsletter recipients to write them down or pass them on to third parties.

MailChimp has submitted to the EU-US Privacy Shield, www.privacyshield.gov/EU-US-Framework. In addition, we have concluded a data processing agreement with MailChimp. Further information on the purpose and scope of data collection and its processing in the context of the newsletter using "MailChimp" is contained in the data protection declaration of "MailChimp" communicated below. There you will also find further information on the rights of users and the setting options for the protection of privacy:

You can unsubscribe from the newsletter at any time via a link at the end of each newsletter.

You are welcome to send the withdrawal of your consent regarding the use of your title, surname and first name as well as a cancellation request from the newsletter as a whole to info@eew-group.com by e-mail at any time.

If you unsubscribe from the newsletter, also your data communicated to us beyond the e-mail address will be deleted from the distribution list.

When using our contact form If you have any questions, we offer you the opportunity to contact us using the form provided on the website. A valid e-mail address is required so that we know who sent the request and can respond to it. Further information can be provided voluntarily.

Data provided for purposes of contacting us is processed in accordance with Art. 6, para. 1, sent. 1, lit a GDPR on the basis of your voluntarily given consent.

We will automatically delete the data we collect and process in the framework of your contact with us after your inquiry has been handled.

For questions of any kind we would like to inform you that you have the possibility to get in touch with us via a formular provided on the website. Only the name of you is necessary. If you would like to receive a response from us, it would also be necessary to provide either a valid e-mail address or a telephone number so that we know where the request came from and to answer them. Further information can be provided voluntarily.

Unless your request does not concern Erndtebrücker Eisenwerke GmbH & Co.KG, but one of our affiliated companies in Germany, Europe or the world, we will transfer your request to the respective group company for further processing. Your contact requests to Group companies based outside of the EU or EEA member states will only be transfer if this is necessary for the fulfillment of a contract between you and the local group company or for the implementation of precontractual measures at your request (Art. 49, para.1, lit. b GDPR) or you have once again expressly given your express consent (Art. 49, para.1, lit. a GDPR).

The data processing for the purpose of contacting us is in accordance with Art. 6 para.1, sent.1, lit. a GDPR on the basis of your voluntarily granted consent or in case of (pre-) contractual requests on the basis of Art. 6 para.1, lit. b GDPR. For a transmission of your request to other Group companies on our part there is a legitimate interest that results from the organization of our group of companies (Art. 6 para.1, lit. f GDPR).

The personal data collected of the contact formular will be automatically deleted after completion of the request you made and, if applicable, after the expiry of statutory retention periods.

If you have any questions about the data collected during the establishment of contact, the external Data Protection Officer is responsible for the locations Erndtebrücker Eisenwerk GmbH & Co. KG, EEW-Pickhan Umformtechnik GmbH and EEW-Bergrohr GmbH:

Transfer of data

Your personal data will not be transferred to third parties for purposes other than those listed below. We transfer your personal data that we have collected via this website to third parties only if:

you have given your express consent for such a transfer in accordance with Article 6, para. 1, sent. 1, lit. a GDPR,

the transfer is necessary in accordance with Article 6, para. 1, sent. 1, lit. f GDPR for the establishment, exercise or defense of claims under the law and there is no reason to assume that you have a justified overriding interest in not allowing your data to be transferred.

if we are legally obligated to transfer the data in accordance with Art. 6, para. 1, sent. 1, lit. c GDPR, and

the transfer is permitted by law and in accordance with Art. 6, para. 1, sent. 1, lit. b GDPR for the handling of contractual relationships with you.

Cookies

We use cookies on our page. Cookies are small files automatically created by your browser when you visit our site and stored on your device (laptop, tablet, smartphone, etc.). The cookie contains information, the exact content of which depends on the specific device you are using. However, that does not mean that we thereby receive direct knowledge of your identity. On the one hand, we use cookies to make our site easier for you to use. For example, we use session cookies to tell us that you have already visited individual pages of our website. These session cookies are automatically deleted after you leave our site.

To optimize the user-friendliness of our site, we also use temporary cookies that are retained on your device for a specified period of time. If you visit our site again to use our services, the site automatically knows that you have visited us before and what data and settings you have entered so you do not have to enter them again.

On the other hand, we use cookies to statistically record the use of our website and to evaluate it for the purpose of optimizing our services (see "Analysis tools"). These cookies enable us to automatically recognize when you return to our site that you have already been with us. These cookies are automatically deleted after a defined period of time.

We process the data processed by cookies exclusively on the basis of your prior consent, Art. 6 para. 1 lit. a GDPR. In this case, we process the data collected through cookies for the above-described purposes.

You can also configure your browser so that cookies are not saved on your computer, or so that a notice always appears before a new cookie is saved. However, if you deactivate all cookies you may not be able to use all the functions of our website.

Analysis Tools

Tracking Tools The tracking measures listed below and used by us will only be carried out with your consent on the basis of Art. 6 para. 1 sentence 1 lit. a GDPR. With the following tracking measures we want to ensure a demand-oriented design and the continuous optimization of our website. On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. The respective data processing purposes and data categories can be found in the information texts for the corresponding tracking tools.

i) Google Analytics For the purpose of demand-oriented design and continuous optimization of our pages, we use Google Analytics, a web analysis service provided by Google Inc. (https://www.google.de/intl/de/about/)(Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Irland; hereinafter "Google"). On the other hand, we use the tracking measures to statistically record the use of our website and to evaluate it for the purpose of optimizing our offer. We carry out this processing exclusively on the basis of your previously given consent (see "Cookies" above).

Google Analytics creates pseudonymised user profiles for us. The information generated by the Google Analytics cookie about your use of this website such as

Browser type/version,

the operating system used,

Referrer URL (the previously visited page),

Host name of the accessing computer (IP address),

Time of the server request,

are transferred to a Google server in the USA and stored there. The information is used to evaluate the use of the website, to compile reports on the website activities and to provide further services associated with the use of the website and the Internet for the purposes of market research and demand-oriented design of these Internet pages. This information may also be transferred to third parties if this is required by law or if third parties process this data on behalf of the company. Under no circumstances will your IP address be merged with other data from Google. The IP addresses are anonymized so that an assignment is not possible (IP masking).

You may refuse the use of cookies by selecting the appropriate settings on your browser software at any time, however please note that if you do this you may not be able to use the full functionality of this website.

You can also prevent the collection of data generated by the cookie and related to your use of the website (including your IP address) and the processing of this data by Google by downloading and installing a browser add-on (https://tools.google.com/dlpage/gaoptout?hl=en).

As an alternative to the browser add-on, especially for browsers on mobile devices, you can also prevent Google Analytics from collecting data by clicking on this link: deactivate Google Analytics. An opt-out cookie is set to prevent future collection of your data when you visit this website. The opt-out cookie is only valid in this browser and only for our website and is stored on your device. If you delete the cookies in this browser, you must set the opt-out cookie again.

ii) Lead Forensics The Lead Forensics software tool from Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, UK, is active on our website. This software does not use cookies, but only collects the IP address when you visit our website. This IP address is then transmitted to Lead Forensics and compared with their own data.

Lead Forensics collects, processes and stores data about companies and decision makers. These are limited to first name, last name, e-mail address, social profiles (limited to LinkedIN) and the business IP address. Other business data may also be processed, such as company name, function, turnover and business address. As soon as the data has been compared, Lead Forensics will make the IP address anonymous.

After such a data comparison we receive from Lead Forensics the information from their database, which could be assigned to the respective IP address. As a result, we know who is interested in our products and services and have the opportunity to contact visitors to our website directly.

Google Fonts

On our website we use Google Fonts. This enables the display of fonts. Google Fonts is a service of Google Inc, 1600 Amphitheatre Parkway, Mountain View, California, 94043, USA ("Google"). These web fonts are integrated by a server call, usually via a Google server in the USA. This may result in the following being transmitted to the server and stored by Google:

name of the browser used

version of the browser

Website from which the request was triggered

Operating system of the user

Screen resolution of the user

IP address of the user

Language settings of the browser or operating system used by the user

Google assures that the collection and storage of personal data in connection with the use of Google Fonts is reduced to a minimum. In particular, no cookies are used when using Google Fonts. Your data collected when using Google Fonts will not be merged with other Google databases (e.g. from the use of Gmail). The font files themselves are cached by Google for one year: Because millions of websites refer to the same fonts, they are cached after visiting the first website and immediately appear on all other websites visited later. According to Google's own statements, this means that website visitors only send very few queries to Google. Google says that you only see one CSS query per font family, per day, per browser. Google uses font usage data in anonymous form to generate statistical evaluations of the popularity of certain fonts on the Internet.

The use of Google Fonts serves to make reading our website easier and graphically more pleasant for you and is therefore based on our legitimate interests pursuant to Art. 6 para. 1 lit. f GDPR. Google has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

Social Media Plug-ins

We use social plug-ins from the social networks Facebook, Google+, XING, Linkedin and Instagram on this website on the basis of art. 6 para. 1 lit. f GDPR in order to make us more known. The underlying advertising purpose corresponds to our legitimate interest, Art. 6 para. 1 lit. f GDPR. Responsibility for the data protection-compliant operation of social networks must be guaranteed by their respective providers.

These plug-ins are integrated using the so-called two-click method in order to protect users in the best possible way. This means that when a user visits our site, no personal data is initially transmitted to the providers of the plug-ins. Users can recognize the provider of the plug-in by the marking on the box above its initial letter or the respective logo (e.g. for Facebook: white "f" on blue tile or a "thumbs up" sign). We offer users the possibility to communicate directly with the provider of the plug-in via the button. Only if a user clicks on the marked field and thereby activates it, the plug-in provider receives the information that a user has accessed the corresponding website of our online offer. In addition, personal data (in particular the IP address) will then be transmitted to the provider of the respective plug-in. Some providers make the IP address anonymous immediately after it is collected. By activating the plug-in, personal data of the user may be transferred to the respective plug-in provider and stored there (for US providers in the USA). Since the plug-in provider collects data particularly via cookies, we recommend that users delete all cookies before clicking on the grayed-out box via the security settings of their browser.

We have no influence on the collected data and data processing processes, nor are we aware of the full extent of data collection, the purposes of processing, the storage periods with the plug-in providers. We also have no information on the erasure of the data collected by the plug-in provider.

The respective plug-in provider stores the data collected about users of our online offer as user profiles and uses these for purposes of advertising, market research and/or demand-oriented design of its own website. Such an evaluation takes place in particular (also for not logged-in users) for the representation of demand-oriented advertisement and in order to inform other users of the social network about the activities of the users on our website. Users have a right to object to the creation of these user profiles, whereby a user must contact the respective plug-in provider directly in order to exercise this right. Through the plug-ins we offer users the possibility to interact with social networks and other users, so that we can improve our offer and make it more interesting for our users.

The data transfer is independent of whether users have an account with the plug-in provider and are logged-in there. If users are logged-in with the plug-in provider, their data collected with us will be directly assigned to their existing accounts with the plug-in provider. If a user presses the activated button and e.g. links the page, the plug-in provider also stores this information in the relevant user account and communicates it publicly to the user's contacts. We therefore recommend that you log out regularly after using a social network, but especially before activating the button, as this avoids any assignment to the profile with the plug-in provider.

Further information on the purpose and scope of data collection and its processing by the plug-in providers is contained in the data protection declarations of these providers notified below. There you will also find further information on the rights of users and the setting options for the protection of privacy within these networks.

Integration of YouTube videos

We have integrated YouTube videos into our online offer, which are stored on www.YouTube.com and can be played directly from our website. YouTube is another Google service. YouTube videos are all integrated in the "extended privacy mode", i.e. no data about users is transmitted to YouTube if they do not play the videos. Only when a user plays the videos the following data are transmitted. We have no influence on this data transmission.

By visiting the website, YouTube receives information when playing a video that the user has called up the corresponding subpage of our online offer. In addition, further information about the use of this online offer (including the IP address of the user) will be transmitted to a YouTube server in the USA and stored there. This is independent of whether YouTube provides a user account through which the user is logged-in, or whether no user account exists. If the user is logged-in to YouTube, his data will be assigned directly to his account. If a user does not wish to be assigned to his profile on YouTube, he must log out before activating the button. YouTube stores data as user profiles and uses them for purposes of advertising, market research and/or demand-oriented design of its website. Such an evaluation takes place in particular (even for unlogged-in users) to provide demand-oriented advertising and to inform other users of the social network about the activities of the user on our online offer. The user has the right to object to the creation of these user profiles, whereby the user must contact YouTube to exercise this right.

Further information on the purpose and scope of data collection and processing by YouTube is contained in the data protection declaration, as is further information on rights and setting options for the protection of privacy: www.google.de/intl/de/policies/privacy.

Rights of data subjects

You have the right:

under Art. 15 GDPR to request information concerning your personal data processed by us. In particular, you can request information on the purpose of the processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the envisaged period of time the data will be stored, your right to the correction, erasure, restriction of processing, your right to object, your right to lodge a complaint, the origin of your data if it was not originally collected by us, and the potential existence of automated decision-making, including profiling, and, if so, reliable information on the details of such processes;

We may only refuse to disclose information to you if and to the extent that such information would reveal information which must be kept secret in accordance with a legal provision or its nature, in particular because of the overriding legitimate interests of a third party (§ 29 para. 1 sentence 2 BDSG), the responsible public authority has established to us that the disclosure of the data would endanger public security or order or otherwise adversely affect the welfare of the Federal Republic of Germany or a federal state (§ 34 para. 1 No. 1 BDSG in conjunction with § 33 para. 1 No. 2 lit. b BDSG), or the data are stored only because they may not be deleted due to legal or statutory storage regulations, or exclusively serve purposes of data backup or data protection control and the provision of information would require a disproportionate effort and processing for other purposes is excluded by suitable technical and organizational measures (§ 34 para. 1 No. 2 BDSG).

under Art. 16 GDPR to demand the immediate correction of incorrect or incomplete personal data retained by us;

under Art. 17 GDPR to demand the erasure of your personal data retained by us, unless the processing of this data is necessary to exercise the right of freedom of expression and information that is required to comply with legal requirements for reasons of public interest or for the establishment, exercise or defense of legal claims;

under Art. 18 GDPR to demand the restriction of processing of your personal data if you contest its accuracy, the processing is unlawful, the data subject opposes the erasure of the personal data and we no longer need the data, although you require it for the establishment, exercise of defense of legal claims, or you have contested its processing under Art. 21 GDPR.

under Art. 20 GDPR to receive your personal data that you have provided to us in a structured, standard and machine-readable format or to demand its transfer to another authorized person;

under Art. 7, para. 3, to withdraw your previously given consent at any time. If you do, we will no longer be able to continue any data processing that was based on this consent,

if your personal data is processed on the basis of justified interests in accordance with Art. 6, para. 1, sentence 1, letter f GDPR, under Art. 21 GDPR you can object to the processing of your personal data if grounds exist that are related to your particular situation or your objection is directed toward direct marketing. In the latter case you have a general right to contest processing of your personal data by us without having to describe your particular situation.

You also have a general right to lodge a complaint with the Data Protection Supervisory Authority having jurisdiction for you. The authority responsible for us is the "Landesbeauftragte für den Datenschutz Nordrhein-Westfalen".

To exercise your right to withdraw your consent or to object to the processing of your personal information, just sent an e-mail to info@eew-group.com.

Data security

During your website visit, we use common SSL (Secure Socket Layer) encryption together with the highest encryption level that is currently supported by your browser. This is generally 256-bit encryption. If your browser does not support 256-bit encryption, we will instead use 128-bit v3 technology. You can determine whether an individual page of our Internet site is transmitted in encrypted form by looking for the locked display of the lock or key symbol in the bottom status line of your browser.

We also use appropriate technical and organizational security measures to protect your data from accidental or malicious tampering, partial or total loss, destruction and unauthorized third-party access. Our security measures are continuously updated as the technology evolves.

Date and amendment of this data protection notice

This data protection notice is valid as of May 2018. As a result of the evolution of our website and offerings on it, or as a result of modified legal or official requirements, it may occasionally be necessary to amend this data protection notice. You can at any time consult and print out the current data protection notice on the website under eew-group.com/legal-disclaimer/